Slashdot Mirror


Microsoft Has Your Encryption Key If You Use Windows 10 (theintercept.com)

An anonymous reader writes with this bit of news from the Intercept. If you log in to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to Microsoft servers. From the article: "The fact that new Windows devices require users to back up their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud. ... As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

9 of 314 comments

  1. Re:Can a corporate security officer comment by Anonymous Coward · · Score: 3, Informative

    I know the opinion of a couple of high security smaller companies, only 20,000 to 60,000 employees... they both say, "holy shit no. Windows 10 is not even being considered for corporate deployment"

    speaking anon to not get in trouble with them.

  2. Re: Can a corporate security officer comment by Anonymous Coward · · Score: 2, Informative

    The point is moot not mute.

  3. Re:Can a corporate security officer comment by reggie6311 · · Score: 5, Informative

    I find this to be rather difficult to properly converse about. While I'm not a CISO per se, I consult many CISOs regularly and this is one of the topics that have come up recently and has opened up a lot of interesting discussions.

    To clear the air, Windows 10 Enterprise (and Windows 10 Professional) do not give you the ability to store Bitlocker keys with Microsoft when joined to Active Directory, nor do they automatically upload the keys. When joined to Active Directory, you have 3 options for key backup: printing a copy, saving it to a file, saving it to a USB key. Behind the scenes (not visible to the end-user), there is a 4th option in which you can require that the joined computer store a backup copy of the key on the computer object within Active Directory. This must be configured in AD and deployed as a GPO to the computers, otherwise this backup option will not take place. The option to back up to a MS account is not available, even if you add a MS Account to the workstation.

    Now, to be transparent, none of the large (Fortune 500 or bigger) companies that I consult are using Bitlocker (rather, they are using various third-party drive encryption systems). Now, that isn't to say that there aren't any, just not the ones that I consult. However, several of my medium enterprise clients are. The discussions have all been centered around where to store recovery keys for the purpose of the business being able to decrypt a system if needed by an authorized administrator.

    This has caused a lot of issues because for my clients that are using Bitlocker, a few of them have considered moving to Azure AD (Active Directory run by Microsoft in the Cloud). My concerns about this have been that if you are using AD as a recovery for Bitlocker and you move AD to the cloud, this effectively does exactly what a MS account does to the home computer... puts the encryption keys in the hands of Microsoft.

    Now, not all of my medium enterprise clients are considering this, but of the few that are, we haven't been able to get clear information from MS on who all would have access to Azure AD and what their policies are.
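
An added example (not part of the comment above, and not code from Microsoft or the article): a PowerShell audit of the configuration that comment describes, reporting whether a GPO has turned on backup of OS-drive recovery information to Active Directory and which recovery-password protectors exist on the machine. It assumes an elevated session on a Windows edition that ships the BitLocker module; the registry value names are the ones the BitLocker recovery policy for operating system drives writes under the FVE policy key.

```powershell
# Added example: audit where BitLocker recovery material for this machine can end up.
# Run from an elevated PowerShell session on the workstation being checked.

# Group Policy settings for BitLocker are written under this key when a GPO applies.
$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fvePolicyKey -ErrorAction SilentlyContinue

# Summarise the escrow-related policy state. A missing key or value means "not configured".
[pscustomobject]@{
    # True when the machine is joined to an Active Directory domain
    DomainJoined     = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    # 1 = save OS-drive recovery information to AD DS
    ADBackupEnabled  = [bool]$policy.OSActiveDirectoryBackup
    # 1 = do not enable BitLocker until the AD DS backup has succeeded
    ADBackupRequired = [bool]$policy.OSRequireActiveDirectoryBackup
}

# List each volume's recovery-password protectors. These IDs are what an
# administrator matches against the copies held on the AD computer object
# (or against whatever else holds an escrowed copy).
Get-BitLockerVolume | ForEach-Object {
    $volume = $_
    $volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object @{ Name = 'MountPoint'; Expression = { $volume.MountPoint } },
                      @{ Name = 'Protection'; Expression = { $volume.ProtectionStatus } },
                      KeyProtectorId
}
```

A volume that lists a recovery-password protector while `ADBackupEnabled` is false has a recovery key whose only copies are wherever the user printed or saved it.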

  4. Re:Can a corporate security officer comment by ArmoredDragon · · Score: 5, Informative

    Even if you do consider Windows 10 (or 8 for that matter) don't under ANY circumstances use a Microsoft account to log in. Recall not long ago during Microsoft's "Scroogled" campaign, they were promising account privacy and that they'd never look into your account at all. Well sometime during all of that, they broke into a blogger's hotmail account (read: he was their own customer) to identify his leak source for future MS products, right after saying that "oh, well now we really mean it this time."

    The problem with a Microsoft account is that your computer now answers to Microsoft's authentication servers, which means they ultimately hold the keys to unlocking your computer. In scenarios such as the above, or a government request, or social engineering, practically anybody could unlock your computer.

    As I've said elsewhere, there's no practical benefit to having one (you can still download apps and whatnot without using a Microsoft account to log in to your PC) so why needlessly expose yourself to the above risk?

  5. Re:Dovetails with new surveillance legislation by Holi · · Score: 4, Informative

    "you can still get 7 or 8.1 on most systems"
    You haven't heard? Windows 10 Telemetry and spyware have been backported to Windows 7 and 8.
    http://www.extremetech.com/com...

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.

  6. Re:Hmmmm by Lunix Nutcase · · Score: 4, Informative

    Then you don't get encryption.

    Bitlocker works without a Microsoft account so this is patently false.

  7. Re:did we forget the edward snowden stuff already? by strstr · · Score: 4, Informative

    here's a few ways NSA is intercepting it.

    1. all data over the internet is being saved so they nab the key as it's being uploaded plus any other data communicated with Microsoft transparently as you use the net; if they want to gain legal authority to use the snoop'd data they go for a warrant and get it 'lawfully' from Microsoft, parallel constructing how their case was built. even if Microsoft encrypts the signal communications between their server and the end-user, the data is nabbed, and most definitely all of the encryption codes for end-user and Microsoft server software are decryptable by NSA because NSA has all of Microsoft's encryption certificates and has broken most encryption.
    2. alt method is Microsoft just gives them all the encryption certificates secretly even without a warrant.

    This has been explained before. Check out the Whistleblowers Websites on the issue.

    williambinney.com thomasdrake.xyz russelltice.com drrobertduncan.com

  8. Re:Primer version anyone by wbr1 · · Score: 4, Informative

    It means MS has a copy of the keys to your bitlocker encrypted data. And by inference anyone with access to MS, hackers, government, disgruntled employees... any could log into your computer and use the keys to unlock what you thought was encrypted and safe.

    --
    Silence is a state of mime.

  9. Re: Can a corporate security officer comment by Anonymous Coward · · Score: 2, Informative

    Fun fact: telemetry cannot be disabled in the Enterprise version either.
    Set it to "disabled" and it goes to the "Security" level. Source:
    https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx